- Introduce ap_log_cserror to allow mod_ssl to associate log messages to

different servers than c->base_server.
- Adjust the scope of some mod_ssl trace logging from server to conn.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@954611 13f79535-47bb-0310-9956-ffa450edef68

include/ap_mmn.h

@@ -228,6 +228,7 @@
  * 20100606.1 (2.3.6-dev)  Added extended timestamp formatting via
  *                         ap_recent_ctime_ex().
  * 20100609.0 (2.3.6-dev)  Dropped ap_args_to_table due to missing constraints.
+ * 20100609.1 (2.3.7-dev)  Introduce ap_log_cserror()
  */
 
 #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
@@ -235,7 +236,7 @@
 #ifndef MODULE_MAGIC_NUMBER_MAJOR
 #define MODULE_MAGIC_NUMBER_MAJOR 20100609
 #endif
-#define MODULE_MAGIC_NUMBER_MINOR 0                     /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 1                     /* 0...n */
 
 /**
  * Determine if the server's current MODULE_MAGIC_NUMBER is at least a

include/http_config.h

@@ -497,6 +497,18 @@ AP_DECLARE(int) ap_get_server_module_loglevel(const server_rec *s, int index);
  */
 AP_DECLARE(int) ap_get_conn_module_loglevel(const conn_rec *c, int index);
 
+/**
+ * Generic accessor for modules the module-specific loglevel
+ * @param c The connection from which to get the loglevel.
+ * @param s The server from which to get the loglevel if c does not have a
+ *          specific loglevel configuration.
+ * @param index The module_index of the module to get the loglevel for.
+ * @return The module-specific loglevel
+ */
+AP_DECLARE(int) ap_get_conn_server_module_loglevel(const conn_rec *c,
+                                                   const server_rec *s,
+                                                   int index);
+
 /**
  * Generic accessor for modules to get the module-specific loglevel
  * @param r The request from which to get the loglevel.
@@ -521,6 +533,11 @@ AP_DECLARE(void) ap_set_module_loglevel(apr_pool_t *p, struct ap_logconf *l,
     ((c)->log             ? (c)->log             : \
      &(c)->base_server->log)
 
+#define ap_get_conn_server_logconf(c,s)                             \
+    ( ( (c)->log != &(c)->base_server->log && (c)->log != NULL )  ? \
+      (c)->log                                                    : \
+      &(s)->log )
+
 #define ap_get_request_logconf(r)                  \
     ((r)->log             ? (r)->log             : \
      (r)->connection->log ? (r)->connection->log : \
@@ -537,6 +554,9 @@ AP_DECLARE(void) ap_set_module_loglevel(apr_pool_t *p, struct ap_logconf *l,
 #define ap_get_conn_module_loglevel(c,i)  \
     (ap_get_module_loglevel(ap_get_conn_logconf(c),i))
 
+#define ap_get_conn_server_module_loglevel(c,s,i)  \
+    (ap_get_module_loglevel(ap_get_conn_server_logconf(c,s),i))
+
 #define ap_get_request_module_loglevel(r,i)  \
     (ap_get_module_loglevel(ap_get_request_logconf(r),i))
 

include/http_log.h

@@ -136,6 +136,10 @@ static int * const aplog_module_index;
           ( (((level)&APLOG_LEVELMASK) <= APLOG_NOTICE) ||       \
             (ap_get_conn_module_loglevel(c, module_index)        \
              >= ((level)&APLOG_LEVELMASK) ) )
+#define APLOG_CS_MODULE_IS_LEVEL(c,s,module_index,level)            \
+          ( (((level)&APLOG_LEVELMASK) <= APLOG_NOTICE) ||          \
+            (ap_get_conn_server_module_loglevel(c, s, module_index) \
+             >= ((level)&APLOG_LEVELMASK) ) )
 #define APLOG_R_MODULE_IS_LEVEL(r,module_index,level)            \
           ( (((level)&APLOG_LEVELMASK) <= APLOG_NOTICE) ||       \
             (ap_get_request_module_loglevel(r, module_index)     \
@@ -147,6 +151,11 @@ static int * const aplog_module_index;
             (s == NULL) ||                                       \
             (ap_get_server_module_loglevel(s, module_index)      \
              >= ((level)&APLOG_LEVELMASK) ) ) )
+#define APLOG_CS_MODULE_IS_LEVEL(c,s,module_index,level)            \
+        ( (((level)&APLOG_LEVELMASK) <= APLOG_MAX_LOGLEVEL) &&      \
+          ( (((level)&APLOG_LEVELMASK) <= APLOG_NOTICE) ||          \
+            (ap_get_conn_server_module_loglevel(c, s, module_index) \
+             >= ((level)&APLOG_LEVELMASK) ) ) )
 #define APLOG_C_MODULE_IS_LEVEL(c,module_index,level)            \
         ( (((level)&APLOG_LEVELMASK) <= APLOG_MAX_LOGLEVEL) &&   \
           ( (((level)&APLOG_LEVELMASK) <= APLOG_NOTICE) ||       \
@@ -163,6 +172,8 @@ static int * const aplog_module_index;
     APLOG_MODULE_IS_LEVEL(s,APLOG_MODULE_INDEX,level)
 #define APLOG_C_IS_LEVEL(c,level)   \
     APLOG_C_MODULE_IS_LEVEL(c,APLOG_MODULE_INDEX,level)
+#define APLOG_CS_IS_LEVEL(c,s,level) \
+    APLOG_CS_MODULE_IS_LEVEL(c,s,APLOG_MODULE_INDEX,level)
 #define APLOG_R_IS_LEVEL(r,level)   \
     APLOG_R_MODULE_IS_LEVEL(r,APLOG_MODULE_INDEX,level)
 
@@ -327,7 +338,7 @@ AP_DECLARE(void) ap_log_perror_(const char *file, int line, int module_index,
 
 /**
  * ap_log_rerror() - log messages which are related to a particular
- * request.  This uses a a printf-like format to log messages to the
+ * request.  This uses a printf-like format to log messages to the
  * error_log.
  * @param file The file in which this function is called
  * @param line The line number on which this function is called
@@ -362,7 +373,7 @@ AP_DECLARE(void) ap_log_rerror_(const char *file, int line, int module_index,
 
 /**
  * ap_log_cerror() - log messages which are related to a particular
- * connection.  This uses a a printf-like format to log messages to the
+ * connection.  This uses a printf-like format to log messages to the
  * error_log.
  * @param file The file in which this function is called
  * @param line The line number on which this function is called
@@ -397,6 +408,47 @@ AP_DECLARE(void) ap_log_cerror_(const char *file, int line, int module_level,
                                 const conn_rec *c, const char *fmt, ...)
 			    __attribute__((format(printf,7,8)));
 
+/**
+ * ap_log_cserror() - log messages which are related to a particular
+ * connection and to a vhost other than c->base_server.  This uses a
+ * printf-like format to log messages to the error_log.
+ * @param file The file in which this function is called
+ * @param line The line number on which this function is called
+ * @param level The level of this error message
+ * @param module_index The module_index of the module generating this message
+ * @param status The status code from the previous command
+ * @param c The connection which we are logging for
+ * @param s The server which we are logging for
+ * @param fmt The format string
+ * @param ... The arguments to use to fill out fmt.
+ * @note Use APLOG_MARK to fill out file and line
+ * @note If a request_rec is available, use that with ap_log_rerror()
+ * in preference to calling this function. This function is mainly useful for
+ * modules like mod_ssl to use before the request_rec is created.
+ * @warning It is VERY IMPORTANT that you not include any raw data from 
+ * the network, such as the request-URI or request header fields, within 
+ * the format string.  Doing so makes the server vulnerable to a 
+ * denial-of-service attack and other messy behavior.  Instead, use a 
+ * simple format string like "%s", followed by the string containing the 
+ * untrusted data.
+ */
+#if __STDC_VERSION__ >= 199901L
+/* need additional step to expand APLOG_MARK first */
+#define ap_log_cserror(...) ap_log_cserror__(__VA_ARGS__)
+#define ap_log_cserror__(file, line, mi, level, status, c, s, ...)  \
+    do { if (APLOG_CS_MODULE_IS_LEVEL(c, s, mi, level))             \
+             ap_log_cserror_(file, line, mi, level, status, c, s,   \
+                             __VA_ARGS__);                          \
+    } while(0)
+#else
+#define ap_log_cserror ap_log_cserror_
+#endif
+AP_DECLARE(void) ap_log_cserror_(const char *file, int line, int module_level,
+                                 int level, apr_status_t status,
+                                 const conn_rec *c, const server_rec *s,
+                                 const char *fmt, ...)
+                             __attribute__((format(printf,8,9)));
+
 /**
  * Convert stderr to the error log
  * @param s The current server

modules/ssl/ssl_engine_io.c

@@ -1017,11 +1017,12 @@ static void ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx,
     SSL_smart_shutdown(ssl);
 
     /* and finally log the fact that we've closed the connection */
-    if (APLOG_C_IS_LEVEL(c, loglevel)) {
+    if (APLOG_CS_IS_LEVEL(c, mySrvFromConn(c), loglevel)) {
-        ap_log_cerror(APLOG_MARK, loglevel, 0, c,
+        ap_log_cserror(APLOG_MARK, loglevel, 0, c, mySrvFromConn(c),
-                      "Connection closed to child %ld with %s shutdown "
+                       "Connection closed to child %ld with %s shutdown "
-                      "(server %s)",
+                       "(server %s)",
-                      c->id, type, ssl_util_vhostid(c->pool, mySrvFromConn(c)));
+                       c->id, type,
+                       ssl_util_vhostid(c->pool, mySrvFromConn(c)));
     }
 
     /* deallocate the SSL connection */
@@ -1740,7 +1741,7 @@ void ssl_io_filter_init(conn_rec *c, request_rec *r, SSL *ssl)
     apr_pool_cleanup_register(c->pool, (void*)filter_ctx,
                               ssl_io_filter_cleanup, apr_pool_cleanup_null);
 
-    if (APLOGctrace4(c)) {
+    if (APLOG_CS_IS_LEVEL(c, mySrvFromConn(c), APLOG_TRACE4)) {
         BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb);
         BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl);
     }
@@ -1850,18 +1851,18 @@ long ssl_io_data_cb(BIO *bio, int cmd,
     if (   cmd == (BIO_CB_WRITE|BIO_CB_RETURN)
         || cmd == (BIO_CB_READ |BIO_CB_RETURN) ) {
         if (rc >= 0) {
-            ap_log_error(APLOG_MARK, APLOG_TRACE4, 0, s,
+            ap_log_cserror(APLOG_MARK, APLOG_TRACE4, 0, c, s,
                     "%s: %s %ld/%d bytes %s BIO#%pp [mem: %pp] %s",
                     SSL_LIBRARY_NAME,
                     (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"),
                     rc, argi, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "to" : "from"),
                     bio, argp,
                     (argp != NULL ? "(BIO dump follows)" : "(Oops, no memory buffer?)"));
-            if ((argp != NULL) && APLOGctrace7(c))
+            if ((argp != NULL) && APLOG_CS_IS_LEVEL(c, s, APLOG_TRACE7))
                 ssl_io_data_dump(s, argp, rc);
         }
         else {
-            ap_log_error(APLOG_MARK, APLOG_TRACE4, 0, s,
+            ap_log_cserror(APLOG_MARK, APLOG_TRACE4, 0, c, s,
                     "%s: I/O error, %d bytes expected to %s on BIO#%pp [mem: %pp]",
                     SSL_LIBRARY_NAME, argi,
                     (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"),

modules/ssl/ssl_engine_kernel.c

@@ -2138,10 +2138,10 @@ static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s)
          * There is one special filter callback, which is set
          * very early depending on the base_server's log level.
          * If this is not the first vhost we're now selecting
-         * (and the first vhost doesn't use APLOG_DEBUG), then
+         * (and the first vhost doesn't use APLOG_TRACE4), then
          * we need to set that callback here.
          */
-        if (APLOGdebug(s)) {
+        if (APLOGtrace4(s)) {
             BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb);
             BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl);
         }

server/log.c

@@ -820,6 +820,19 @@ AP_DECLARE(void) ap_log_rerror_(const char *file, int line, int module_index,
     va_end(args);
 }
 
+AP_DECLARE(void) ap_log_cserror_(const char *file, int line, int module_index,
+                                 int level, apr_status_t status,
+                                 const conn_rec *c, const server_rec *s,
+                                 const char *fmt, ...)
+{
+    va_list args;
+
+    va_start(args, fmt);
+    log_error_core(file, line, module_index, level, status, s, c,
+                   NULL, NULL, fmt, args);
+    va_end(args);
+}
+
 AP_DECLARE(void) ap_log_cerror_(const char *file, int line, int module_index,
                                 int level, apr_status_t status,
                                 const conn_rec *c, const char *fmt, ...)

server/util_debug.c

@@ -139,6 +139,28 @@ AP_DECLARE(int) ap_get_conn_module_loglevel(const conn_rec *c, int module_index)
     return l->module_levels[module_index];
 }
 
+#if defined(ap_get_conn_server_module_loglevel)
+#undef ap_get_conn_server_module_loglevel
+AP_DECLARE(int) ap_get_conn_server_module_loglevel(const conn_rec *c,
+                                                   const server_rec *s,
+                                                   int module_index);
+#endif
+
+AP_DECLARE(int) ap_get_conn_server_module_loglevel(const conn_rec *c,
+                                                   const server_rec *s,
+                                                   int module_index)
+{
+    const struct ap_logconf *l = (c->log && c->log != &c->base_server->log) ?
+                                 c->log : &s->log;
+    if (module_index < 0 || l->module_levels == NULL ||
+        l->module_levels[module_index] < 0)
+    {
+        return l->level;
+    }
+
+    return l->module_levels[module_index];
+}
+
 #if defined(ap_get_request_module_loglevel)
 #undef ap_get_request_module_loglevel
 AP_DECLARE(int) ap_get_request_module_loglevel(const request_rec *c, int module_index);